Debian Bug report logs - #962467: severe memory issue in gnutls
Reported by: Björn JACKE <debianbugs@j3e.de>
Date: Mon, 8 Jun 2020 13:27:01 UTC
Severity: normal
Found in version gnutls28/3.6.14-1
Fixed in version gnutls28/3.6.14-2
Done: Andreas Metzler <ametzler@debian.org>
Bug is archived. No further changes may be made.
Report forwarded
to debian-bugs-dist@lists.debian.org, unknown-package@qa.debian.org:
Bug#962467; Package gnutls30.
(Mon, 08 Jun 2020 13:27:03 GMT).
Acknowledgement sent
to Björn JACKE <debianbugs@j3e.de>:
New Bug report received and forwarded. Copy sent to unknown-package@qa.debian.org.
(Mon, 08 Jun 2020 13:27:03 GMT).
Message #5 received at submit@bugs.debian.org:
Package: gnutls30
There's a memory leak in gnutls in conjunction with AES CCM mode.
For details see also
https://bugzilla.samba.org/show_bug.cgi?id=14399
https://gitlab.com/gnutls/gnutls/-/merge_requests/1277
Please ship that fix from
https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
Please ship this fix as soon as possible.
Bug reassigned from package 'gnutls30' to 'src:gnutls28'.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org.
(Mon, 08 Jun 2020 14:21:02 GMT).
Marked as found in versions gnutls28/3.6.14-1.
Request was from Mattia Rizzolo <mattia@debian.org>
to control@bugs.debian.org.
(Mon, 08 Jun 2020 14:21:03 GMT).
Reply sent
to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility.
(Thu, 11 Jun 2020 10:09:05 GMT).
Notification sent
to Björn JACKE <debianbugs@j3e.de>:
Bug acknowledged by developer.
(Thu, 11 Jun 2020 10:09:05 GMT).
Message #14 received at 962467-close@bugs.debian.org:
Source: gnutls28
Source-Version: 3.6.14-2
Done: Andreas Metzler <ametzler@debian.org>
We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 962467@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated gnutls28 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Jun 2020 11:27:34 +0200
Source: gnutls28
Architecture: source
Version: 3.6.14-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 962467
Changes:
 gnutls28 (3.6.14-2) unstable; urgency=medium
 .
   * Pull selected patches from upstream GIT:
     + 50_01-serv-omit-upper-bound-of-maxearlydata-option-definit.patch:
       Fixes difference in generated docs on 32 and 64 bit archs.
     + 50_02-gnutls_aead_cipher_init-fix-potential-memleak.patch
       50_03-gnutls_cipher_init-fix-potential-memleak.patch
       Fix memleak in gnutls_aead_cipher_init() with keys having invalid
       length. (Broken since 3.6.3)
     + 50_04-crypto-api-always-allocate-memory-when-serializing-i.patch
       Closes: #962467
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 11 Jul 2020 07:28:16 GMT).
Last modified:
Thu Aug 8 03:31:49 2024;